Sumário: SELinux is preventing /sbin/ip6tables-multi "read" access on /proc//cmdline. Descrição detalhada: [iptables tem um tipo permissivo (iptables_t). Esse acesso não foi negado.] SELinux denied access requested by ip6tables. It is not expected that this access is required by ip6tables and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Permitindo acesso: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Informações adicionais: Contexto de origem system_u:system_r:iptables_t:s0-s0:c0.c1023 Contexto de destino unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Objetos de destino /proc/<pid>/cmdline [ file ] Origem iptables Caminho da origem /sbin/iptables-multi Porta <Desconhecido> Máquina (removed) Pacotes RPM de origem iptables-ipv6-1.4.5-1.fc12 Pacotes RPM de destino RPM da política selinux-policy-3.6.32-41.fc12 Selinux habilitado True Tipo de política targeted MLS habilitado True Modo reforçado Enforcing Nome do plugin catchall Nome da máquina (removed) Plataforma Linux (removed) 2.6.31.5-127.fc12.i686 #1 SMP Sat Nov 7 21:41:45 EST 2009 i686 athlon Contador de alertas 8 Visto pela primeira vez em Qua 21 Abr 2010 14:02:50 BRT Visto pela última vez em Qua 21 Abr 2010 14:02:50 BRT ID local f5e53b0c-1d6b-4a24-90a2-d17fe489217f Números de linha Mensagens de auditoria não p node=(removed) type=AVC msg=audit(1271869370.979:21546): avc: denied { read } for pid=3687 comm="ip6tables" path="/proc/2879/cmdline" dev=proc ino=366863 scontext=system_u:system_r:iptables_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file node=(removed) type=SYSCALL msg=audit(1271869370.979:21546): arch=40000003 syscall=11 success=yes exit=0 a0=946f410 a1=946f338 a2=9449750 a3=946f338 items=0 ppid=3676 pid=3687 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/sbin/ip6tables-multi" subj=system_u:system_r:iptables_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.32-41.fc12,catchall,iptables,iptables_t,unconfined_t,file,read audit2allow suggests: #============= iptables_t ============== allow iptables_t unconfined_t:file read;
*** This bug has been marked as a duplicate of bug 584487 ***